“A botched security fix released for the Java software framework 30 months ago has left millions of users vulnerable to attacks that Oracle had claimed were no longer possible, a security researcher said.
“
Source: Botched Java patch leaves millions vulnerable to 30-month-old attack | Ars Technica